[pass] [PATCH 2/2] reencrypt_path: change to a more robust way of getting current keys

Duncan Burke duncankburke at gmail.com
Mon Sep 22 06:19:01 CEST 2014


On 22 September 2014 04:01, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
> On Sat, Sep 20, 2014 at 8:58 AM, <duncankburke at gmail.com> wrote:
>>
>>
>> +               current_keys="$($GPG -v --no-secmem-warning
>> --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 |
>> sed -n "s/^.*public key is \\(.*\\)$/\\1/p" | LC_ALL=C sort -u)"
>
>
> Will this work on non english locales?

No, I checked the gpg source. I wasn't aware it was localised. The use
of cut also breaks under some locales as there isn't always the same
number of fields. I've modified my patch accordingly.

From a556daa0657c498d7ffe0c312483d4e1f22ea918 Mon Sep 17 00:00:00 2001
From: Duncan Burke <duncankburke at gmail.com>
Date: Mon, 22 Sep 2014 12:17:02 +1000
Subject: [PATCH] reencrypt: remove blank lines in output for current_key

For an ASCII-armoured file encrypted with one or more public keys,
"gpg -v --list-only --keyid-format long $file" outputs the following.

(version line)
(armor header line)
(public key #1)
(public key #2)
(public key #n)

This behaviour is determined by do_proc_packets (g10/mainproc.c) and could
change with gpg version. Also, if the file were to change format, for
example through the addition of a signature, this behaviour could not be
relied upon.

To extract the public keys, the top two lines are stripped and the
keys are parsed from the remaining lines. The format of the lines depends
on the localisation. For example:

English:
gpg: public key is 2698F2A9D132D31E

Turkish:
gpg: genel anahtar: 2698F2A9D132D31E

The number of fields cannot be relied upon, so sed is used to extract
the key from the end of the line, stopping when a space is reached.

Signed-off-by: Duncan Burke <duncankburke at gmail.com>
---
 src/password-store.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index cf57fd3..3c68773 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -123,7 +123,7 @@ reencrypt_path() {
             done
             gpg_keys="$(printf "%s\n" ${gpg_keys[*]} | LC_ALL=C sort -u)"
         fi
-        current_keys="$($GPG -v --no-secmem-warning
--no-permission-warning --list-only --keyid-format long "$passfile"
2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
+        current_keys="$($GPG -v --no-secmem-warning
--no-permission-warning --list-only --keyid-format long "$passfile"
2>&1 | tail -n +3 | sed -n "s/^.* \\([^ ]*\\)$/\\1/p" | LC_ALL=C sort
-u)"

         if [[ $gpg_keys != "$current_keys" ]]; then
             echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }"
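Review bot: "tail -n +3" in the new current_keys line hard-codes a two-line preamble, which the commit message itself says is decided by do_proc_packets and can change with gpg version or file format. If a preamble line is missing, the first key line is dropped. If an extra line is present, the sed expression takes its last space-delimited word as a key, and because stderr is merged with 2>&1 the same applies to any other message gpg prints after the second line. In both cases the [[ $gpg_keys != "$current_keys" ]] test succeeds and the reencrypt branch is taken even though the recipients are unchanged. Consider matching the key ID itself rather than counting lines, for example by having sed accept only a 16-hex-digit token at the end of the line, which makes the tail step unnecessary. A one-line comment above the assignment saying why the last field is used (localised gpg messages) would also help the next reader.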
-- 
2.0.0
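
The parsing discussed in this message, run over constructed stand-ins for gpg's output (an added example, not part of the patch or of password-store). The preamble lines are placeholders, sample_short is a hypothetical one-line preamble, and keys_hex is an assumed alternative that relies on long key IDs being 16 uppercase hex digits.

```shell
#!/bin/sh
# Constructed stand-ins for "gpg -v --list-only --keyid-format long" output.
# Preamble lines are placeholders; key lines use the two formats quoted above.
sample_en() {
    printf '%s\n' 'gpg: (version line placeholder)' \
                  'gpg: (armor header placeholder)' \
                  'gpg: public key is 2698F2A9D132D31E' \
                  'gpg: public key is 0123456789ABCDEF'
}
sample_tr() {
    printf '%s\n' 'gpg: (version line placeholder)' \
                  'gpg: (armor header placeholder)' \
                  'gpg: genel anahtar: 2698F2A9D132D31E' \
                  'gpg: genel anahtar: 0123456789ABCDEF'
}
# Hypothetical case: only one preamble line precedes the key lines.
sample_short() {
    printf '%s\n' 'gpg: (version line placeholder)' \
                  'gpg: public key is 2698F2A9D132D31E' \
                  'gpg: public key is 0123456789ABCDEF'
}

# Pre-patch parser: fixed field position.
keys_cut() { cut -d ' ' -f 5 | LC_ALL=C sort -u; }
# Patched parser: skip two lines, take the last space-delimited token.
keys_tail_sed() { tail -n +3 | sed -n 's/^.* \([^ ]*\)$/\1/p' | LC_ALL=C sort -u; }
# Added variant (assumption): accept only a 16-hex-digit token at end of line.
keys_hex() { sed -n 's/^.* \([0-9A-F]\{16\}\)$/\1/p' | LC_ALL=C sort -u; }

# The sorted key list every parser should produce for the samples above.
want='0123456789ABCDEF
2698F2A9D132D31E'

# check <sample function> <parser function>: prints ok or MISMATCH.
check() {
    if [ "$("$1" | "$2")" = "$want" ]; then echo ok; else echo MISMATCH; fi
}

for s in sample_en sample_tr sample_short; do
    for p in keys_cut keys_tail_sed keys_hex; do
        printf '%-13s %-14s %s\n' "$s" "$p" "$(check "$s" "$p")"
    done
done
```

The field-based parser finds no key in the Turkish sample, the patched parser loses a key when the preamble is one line shorter, and the hex-anchored pattern returns both keys in all three cases.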

